Security Incidents

Gate News message, the Drift Protocol exploiter has purchased an additional 1,195 ETH for $2.46M USDC. The hacker's wallet now holds 130,262 ETH valued at $267.67M. According to Onchain Lens, Drift Protocol was exploited for over $270M, with the stolen funds converted into 129,067 ETH worth $277.4

Chinese police have escorted back to China the key figure Li Xiong, who is alleged to have led the Huione criminal network from Cambodia and faces charges including fraud and money laundering. The network is linked to a global illegal online trading system, which has handled more than $89 billion in crypto assets. Although the core members were arrested, the Huione system is still operating using new methods, reflecting the complexity of laundering crypto assets and the challenges faced by global regulation.

Prince Group’s core member Li Xiong was escorted back to China by the Ministry of Public Security of China on April 1, after being arrested in Cambodia. He is suspected of multiple offenses including fraud and money laundering. He is the chairman of Huowang Group, which is under the Prince Group umbrella. The amount involved in the group’s cryptocurrency business reaches $24 billion, and the money-laundering amount is at least $4 billion. This operation was carried out with cooperation from Cambodia, and it has raised issues related to international judicial cooperation.

Drift Protocol recently suffered a complex attack. Malicious actors used the durable nonce technology to obtain unauthorized administrative privileges, resulting in approximately $280 million in funds being withdrawn. The investigation found no program vulnerabilities; it may involve social engineering. Drift has frozen protocol functionality and updated the multisig to protect assets.

April 2, the Drift attack incident affected multiple DeFi protocols, including Reflect Money and Ranger Finance, among 11 projects. Some projects paused features such as minting and withdrawals. Ranger Finance lost about $900,000, accounting for 6% of its total value; Pyra also paused the relevant functions because users’ funds were affected.

Google releases a white paper warning that quantum computers may break Ethereum, putting hundreds of billions of dollars in assets at risk. The report points out that there are multiple vulnerabilities in systems such as giant whale wallets, DeFi management keys, and staking systems, and that a high level of alertness is needed. The Ethereum Foundation has already launched research into post-quantum cryptography and plans to carry out a system upgrade before 2029.

Gate News, April 2, Wormhole issued an official response to the attack on Drift, stating that Wormhole users’ assets are not currently at risk and that the cross-chain bridge functionality can still be used normally. However, due to the built-in security mechanisms configured for Solana, some cross-chain transfers may experience delays. Wormhole’s core contributors have been in communication with the Solana ecosystem team and will continue providing support as needed.

Loopscale’s declaration is not directly related to Drift. Most funds are secure, with some indirect exposure. Deposits in the SOL Genesis Vault will fully reimburse users; deposit and withdrawal functionality is temporarily disabled, and will be reopened once services are restored.

Decentralized exchange Drift Protocol was hacked on April 2, resulting in losses of up to $280 million, becoming one of the largest DeFi security incidents in the Solana ecosystem. The attacker exploited a multisig vulnerability to obtain administrator keys and quickly transferred assets. Drift has paused deposits and withdrawals and has promised to continue updating the incident investigation. Security experts noted that this incident highlights the risks of high-privilege key management for DeFi protocols, urging stronger security measures to protect users’ assets.

Trust Wallet’s Discord short link was hijacked and points to a malicious phishing server. Users should immediately stop clicking the relevant links and wait for official confirmation that they are safe. The newly released address poisoning protection feature can actively screen for potential scam addresses. Since 2025, Trust Wallet has faced multiple security challenges, so users need to take precautions.

Drift Protocol draws attention after a hacking incident. The DRIFT token plunged 28% in a single day; the current price is only $0.049, down as much as 98% from its all-time high. The attacker stole $285 million after a private key leak and converted it into ETH; the service has been suspended. The incident has raised questions about the security of the Solana ecosystem, and the market is closely watching the follow-up compensation plan and investigation results.

SlowMist analyzed the Drift Protocol hack, pointing out that the core vulnerability was that the multisig mechanism change did not include a time lock. After the attacker gained administrator privileges, they systematically extracted assets by forging tokens, manipulating oracles, and disabling security modules, ultimately stealing about 105,969 ETH. ZachXBT criticized Circle for not freezing USDC in time during this process, which had a negative impact on the industry and sparked widespread discussion.

Drift Protocol suffered a major security incident on April 1, with losses exceeding $270 million, and TVL dropped sharply within 12 minutes. The investigation shows the attackers began deploying three weeks earlier, using forged tokens and an administrator key vulnerability to carry out manipulation, resulting in large-scale withdrawals of funds. The incident dealt a severe blow to market confidence, and Drift is seeking to recover the funds and strengthen its security protections.

Drift Protocol was hacked on April 1, when attackers stole about $285 million in assets, setting the record for the largest loss in DeFi security incidents in 2026. The hackers quickly converted funds to ETH and split up storage, increasing the difficulty of recovery. The industry is currently pessimistic about the likelihood of funds being recovered. This incident will intensify regulatory pressure on the DeFi industry and force developers to strengthen smart contract security.

The founder of SlowMist, Yu Xuan, disclosed that the Drift Protocol theft incident was caused by its migration to a 2-of-5 multisig scheme without a timelock, which enabled the attacker to quickly seize control of permissions and resulted in losses of over $200 million. He urged DeFi project teams to regularly review risks, and users need to pay attention to the protocol’s risk of capital loss.

ZachXBT criticized Circle for not taking action in the Drift hacking incident, with millions of USDC moved from Solana to Ethereum. Circle has frozen part of its hot wallets, but progress has been slow to resume. He says Circle is a bad actor in the industry.

Gate News, April 2, Unitas Protocol, a yield generation protocol, released a statement saying it was not affected by the Drift Protocol attack incident. Unitas Protocol has no exposure on Drift; all collateral is safe; all strategies (including the JLP Delta-neutral strategy) are running normally, and user funds are secure. Collateral can be accessed via Accountable and Primus

On April 2, an on-chain analyst disclosed that the Drift protocol vault was attacked. The attacker obtained funds via NEAR Intents 8 days earlier, remained inactive until receiving a large amount of assets, then moved the funds to multiple KYC-verified money-laundering addresses and transferred them to Ethereum via Wormhole, involving Tornado Cash.

On April 2, on-chain monitoring firm PeckShield warned that HyperEVM could face a major outage, with blocks and transactions coming to a halt, impacting users’ transaction confirmations and smart contract interactions. The official status page, however, shows “All Systems Operational,” reflecting insufficient monitoring of HyperEVM layer conditions. This outage exposed issues with the new mainnet’s early stability; the specific causes are pending an official announcement.

Bitcoin (BTC) dipped in the short term to $67,600. The U.S. Department of the Treasury launched a small consultation on regulatory guidance for stablecoins under the “GENIUS Act,” and the CFTC Chair said he is ready to regulate the entire crypto market. Amid market developments, spot Bitcoin inflows are slightly higher than outflows, and the CFTC and the SEC have signed an agreement to coordinate digital asset regulation.